I need to publish a MOSS server farm on ISA 2006 with a single NIC.
The scenario is:
1. ISA 2006 with single NIC in DMZ (workgroup).
2. MOSS 2007 with 2 Frontend webservers in internal network (member of domain).
3. Need SSL.
4. I need to use third party load balancer (F5) for 2 web servers.
Could someone give me details of the ISA configuration and also steps for publishing 2 MOSS web servers for the same SharePoint site?
Also the configuration for certificates to be used.
For the recommended deployment which uses SSL bridging, you will need certificates on ISA and each of the SharePoint web servers. The ISA certs will need to be from a public CA, but the SharePoint certs could be from an internal CA.
I use F5s 6400E running 9.4 at work and have a similar setup and configured it with no problems. My ISA Server is a part of the domain (we use NTLM on the outside 'hop' and Kerberos on the inside 'hop') so that's the main difference.
The LB has a virtual server that listens on 443 which ISA bridges to. On this virtual server, we use the standard HTTP profile and Cookie persistence as well as the standard OneConnect profile. Works just fine. You'll run into problems with NTLM auth with the OneConnect profile but from your config, it doesn't sound like you're going to be using NTLM.
Shoot me a private message if you want to talk about this offline.
Thanks Clint. I am able to publish the SharePoint farm in my above scenario using LDAP.
There is a new requirement. I am trying to publish the SharePoint farm on ISA 2006 (single NIC) with Windows Integrated authentication to avoid password prompts to users.
My understanding is that ISA needs to be in the domain for this. Correct me if I am wrong.
I have set up ISA 2006 with a single NIC in the domain and am trying to publish the SharePoint farm with Windows Integrated authentication.
I am confused between Windows (Active Directory) authentication and HTTP Authentication with Integrated checked with Windows (Active Directory) in the Web Listener properties on the Authentication tab.
Which one do I need to use? Also, when I try to select HTTP Authentication with Integrated checked with Windows (Active Directory), ISA Server does not let me apply the changes and says "The authentication settings of the Web listener used in the rule are not compatible with the type of credentials delegation configured for this rule."
What delegation option do you have specified? You can't specify NTLM on the 'outside' hop and try to delegate this - you have to either change it to use Kerberos Delegation or not have ISA challenge the user and rely on the web servers to challenge the users 'directly'.
If you want to, email me at clintDOTdenhamATpbsgDOTcom and we can hash it out.